ci: Update GoReleaser config (#338)
Ayman Bagabas
created
* fix(ci): use brew formula instead of cask
* fix(ci): add cosign signing to goreleaser
* fix(ci): release: add workflow secrets
* fix(ci): release: add source sbom
* fix(ci): release: add footer from meta
* fix(ci): release: use homebrew_casks instead of brews
Change summary
.github/workflows/release.yml | 6 ++++++
.goreleaser.yml | 26 ++++++++++++++++++++++++++
2 files changed, 32 insertions(+)
Detailed changes
@@ -24,3 +24,9 @@ jobs:
nfpm_passphrase: ${{ secrets.NFPM_PASSPHRASE }}
npm_token: ${{ secrets.NPM_TOKEN }}
snapcraft_token: ${{ secrets.SNAPCRAFT_TOKEN }}
+ aur_key: ${{ secrets.AUR_KEY }}
+ macos_sign_p12: ${{ secrets.MACOS_SIGN_P12 }}
+ macos_sign_password: ${{ secrets.MACOS_SIGN_PASSWORD }}
+ macos_notary_issuer_id: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
+ macos_notary_key_id: ${{ secrets.MACOS_NOTARY_KEY_ID }}
+ macos_notary_key: ${{ secrets.MACOS_NOTARY_KEY }}
@@ -144,6 +144,26 @@ nfpms:
- src: ./manpages/crush.1.gz
dst: /usr/share/man/man1/crush.1.gz
+signs:
+ - cmd: cosign
+ certificate: "${artifact}.pem"
+ args:
+ - sign-blob
+ - "--output-certificate=${certificate}"
+ - "--output-signature=${signature}"
+ - "${artifact}"
+ - "--yes"
+ artifacts: checksum
+ output: true
+
+source:
+ enabled: true
+
+sboms:
+ - artifacts: archive
+ - id: source
+ artifacts: source
+
nix:
- repository:
owner: "charmbracelet"
@@ -210,3 +230,9 @@ changelog:
order: 400
- title: Other work
order: 9999
+
+release:
+ prerelease: auto
+ footer:
+ from_url:
+ url: https://raw.githubusercontent.com/charmbracelet/meta/main/footer.md